Jump to content


Photo

skybox999 - splitted from other topic


  • This topic is locked This topic is locked
2 replies to this topic

#1 skybox999

skybox999

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 27 October 2011 - 12:43 AM

Hi,

I have a similar issue. Please help! I tried to install the ad-aware but it gets killed automatically after it scan up to 3000 objects. Then, when I tried to run it again - I got cannot connect to service.

I ran the TDSSKiller and it did found 2 issues: Rootkit.Win32.PMax.gen and Rootkit.Win32.Zaccess.e. For the first one, action is Delete so, I set it to Skip and for second one, the action is Cure. After Continue and reboot, both issues are still there.

Here are the logs:

1. From TDSSKiller:

19:30:43.0593 0500 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
19:30:43.0843 0500 ============================================================
19:30:43.0843 0500 Current date / time: 2011/10/25 19:30:43.0843
19:30:43.0843 0500 SystemInfo:
19:30:43.0843 0500
19:30:43.0843 0500 OS Version: 5.1.2600 ServicePack: 3.0
19:30:43.0843 0500 Product type: Workstation
19:30:43.0843 0500 ComputerName: ZEUS
19:30:43.0843 0500 UserName: John
19:30:43.0843 0500 Windows directory: C:\WINDOWS
19:30:43.0843 0500 System windows directory: C:\WINDOWS
19:30:43.0843 0500 Processor architecture: Intel x86
19:30:43.0843 0500 Number of processors: 2
19:30:43.0843 0500 Page size: 0x1000
19:30:43.0843 0500 Boot type: Normal boot
19:30:43.0843 0500 ============================================================
19:30:44.0875 0500 Initialize success
19:30:57.0468 1792 ============================================================
19:30:57.0468 1792 Scan started
19:30:57.0468 1792 Mode: Manual; SigCheck; TDLFS;
19:30:57.0468 1792 ============================================================
19:31:01.0281 1792 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
19:31:02.0062 1792 61883 - ok
19:31:02.0531 1792 72cecc6 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\3337366535:4174582585.exe
19:31:03.0765 1792 Suspicious file (Hidden): C:\WINDOWS\3337366535:4174582585.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
19:31:03.0765 1792 72cecc6 ( Rootkit.Win32.PMax.gen ) - infected
19:31:03.0765 1792 72cecc6 - detected Rootkit.Win32.PMax.gen (0)
19:31:04.0656 1792 Abiosdsk - ok
19:31:04.0781 1792 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:31:05.0250 1792 abp480n5 - ok
19:31:05.0828 1792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:31:06.0250 1792 ACPI - ok
19:31:06.0609 1792 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:31:06.0937 1792 ACPIEC - ok
19:31:07.0546 1792 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:31:07.0812 1792 adpu160m - ok
19:31:08.0390 1792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:31:08.0609 1792 aec - ok
19:31:10.0140 1792 AFD (140aac8460bb1388835e5f63be93172f) C:\WINDOWS\System32\drivers\afd.sys
19:31:10.0203 1792 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 140aac8460bb1388835e5f63be93172f, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
19:31:10.0218 1792 AFD ( Rootkit.Win32.ZAccess.e ) - infected
19:31:10.0218 1792 AFD - detected Rootkit.Win32.ZAccess.e (0)
19:31:10.0640 1792 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:31:10.0953 1792 agp440 - ok
19:31:11.0390 1792 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:31:11.0671 1792 agpCPQ - ok
19:31:11.0890 1792 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:31:12.0015 1792 Aha154x - ok
19:31:12.0218 1792 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:31:12.0375 1792 aic78u2 - ok
19:31:12.0453 1792 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:31:12.0640 1792 aic78xx - ok
19:31:12.0671 1792 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:31:12.0828 1792 AliIde - ok
19:31:13.0093 1792 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:31:13.0296 1792 alim1541 - ok
19:31:13.0406 1792 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:31:13.0562 1792 amdagp - ok
19:31:13.0593 1792 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
19:31:13.0656 1792 AmdK8 - ok
19:31:13.0734 1792 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
19:31:13.0812 1792 amsint - ok
19:31:14.0218 1792 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:31:14.0765 1792 Arp1394 - ok
19:31:14.0890 1792 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
19:31:15.0140 1792 asc - ok
19:31:15.0171 1792 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:31:15.0234 1792 asc3350p - ok
19:31:15.0328 1792 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:31:15.0453 1792 asc3550 - ok
19:31:15.0484 1792 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
19:31:15.0500 1792 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
19:31:15.0500 1792 ASCTRM - detected UnsignedFile.Multi.Generic (1)
19:31:15.0593 1792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:31:15.0734 1792 AsyncMac - ok
19:31:15.0765 1792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:31:15.0890 1792 atapi - ok
19:31:15.0906 1792 Atdisk - ok
19:31:15.0953 1792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:31:16.0078 1792 Atmarpc - ok
19:31:16.0109 1792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:31:16.0250 1792 audstub - ok
19:31:16.0406 1792 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
19:31:16.0546 1792 Avc - ok
19:31:17.0078 1792 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:31:33.0750 1792 AVGIDSDriver - ok
19:31:34.0890 1792 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:31:45.0859 1792 AVGIDSEH - ok
19:31:46.0375 1792 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:31:46.0390 1792 AVGIDSFilter - ok
19:31:47.0000 1792 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:31:47.0078 1792 AVGIDSShim - ok
19:31:47.0187 1792 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:31:47.0250 1792 Avgldx86 - ok
19:31:47.0453 1792 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:31:47.0484 1792 Avgmfx86 - ok
19:31:47.0515 1792 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:31:47.0578 1792 Avgrkx86 - ok
19:31:48.0218 1792 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:31:48.0296 1792 Avgtdix - ok
19:31:48.0750 1792 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
19:31:48.0921 1792 bcm4sbxp - ok
19:31:49.0906 1792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:31:50.0640 1792 Beep - ok
19:31:51.0828 1792 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:31:52.0187 1792 cbidf - ok
19:31:53.0140 1792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:31:54.0953 1792 cbidf2k - ok
19:31:56.0218 1792 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:31:58.0093 1792 CCDECODE - ok
19:31:59.0171 1792 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:31:59.0359 1792 cd20xrnt - ok
19:32:00.0390 1792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:32:00.0734 1792 Cdaudio - ok
19:32:01.0781 1792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:32:02.0015 1792 Cdfs - ok
19:32:02.0500 1792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:32:04.0421 1792 Cdrom - ok
19:32:04.0984 1792 Changer - ok
19:32:05.0281 1792 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:32:05.0578 1792 CmdIde - ok
19:32:05.0656 1792 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:32:05.0843 1792 Cpqarray - ok
19:32:06.0312 1792 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
19:32:06.0437 1792 ctxusbm - ok
19:32:06.0843 1792 CVUVC (b190b95bbe6a11f4280a20de6d9b6913) C:\WINDOWS\system32\DRIVERS\cvuvc.sys
19:32:08.0453 1792 CVUVC - ok
19:32:09.0296 1792 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:32:09.0609 1792 dac2w2k - ok
19:32:10.0593 1792 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:32:10.0921 1792 dac960nt - ok
19:32:11.0875 1792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:32:15.0328 1792 Disk - ok
19:32:15.0750 1792 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
19:32:15.0781 1792 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
19:32:15.0781 1792 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
19:32:16.0406 1792 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
19:32:17.0515 1792 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
19:32:17.0515 1792 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
19:32:18.0156 1792 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
19:32:18.0218 1792 DLADResN ( UnsignedFile.Multi.Generic ) - warning
19:32:18.0218 1792 DLADResN - detected UnsignedFile.Multi.Generic (1)
19:32:18.0812 1792 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
19:32:18.0843 1792 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
19:32:18.0843 1792 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
19:32:19.0203 1792 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
19:32:19.0250 1792 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
19:32:19.0250 1792 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
19:32:19.0390 1792 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
19:32:19.0421 1792 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
19:32:19.0421 1792 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
19:32:19.0859 1792 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
19:32:19.0890 1792 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
19:32:19.0890 1792 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
19:32:20.0343 1792 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
19:32:20.0375 1792 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
19:32:20.0375 1792 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
19:32:20.0968 1792 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
19:32:21.0046 1792 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
19:32:21.0046 1792 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
19:32:22.0468 1792 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:32:22.0875 1792 dmboot - ok
19:32:23.0359 1792 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:32:23.0531 1792 dmio - ok
19:32:24.0187 1792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:32:24.0406 1792 dmload - ok
19:32:24.0921 1792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:32:25.0062 1792 DMusic - ok
19:32:25.0562 1792 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:32:25.0765 1792 dpti2o - ok
19:32:27.0343 1792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:32:30.0265 1792 drmkaud - ok
19:32:31.0093 1792 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
19:32:31.0156 1792 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
19:32:31.0156 1792 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
19:32:32.0531 1792 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
19:32:32.0562 1792 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
19:32:32.0562 1792 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
19:32:32.0593 1792 DSproct - ok
19:32:33.0359 1792 dwusbdnt (732ab6d2fc7f2afebc4a9d2750655b7f) C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys
19:32:33.0437 1792 dwusbdnt - ok
19:32:34.0046 1792 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:32:34.0375 1792 E100B - ok
19:32:34.0921 1792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:32:35.0109 1792 Fastfat - ok
19:32:35.0546 1792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:32:35.0687 1792 Fdc - ok
19:32:36.0078 1792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:32:36.0234 1792 Fips - ok
19:32:36.0640 1792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:32:38.0078 1792 Flpydisk - ok
19:32:38.0500 1792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:32:38.0796 1792 FltMgr - ok
19:32:39.0390 1792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:32:39.0625 1792 Fs_Rec - ok
19:32:39.0984 1792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:32:40.0171 1792 Ftdisk - ok
19:32:40.0890 1792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:32:41.0656 1792 GEARAspiWDM - ok
19:32:42.0250 1792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:32:42.0703 1792 Gpc - ok
19:32:43.0093 1792 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:32:43.0250 1792 HDAudBus - ok
19:32:43.0750 1792 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:32:43.0906 1792 HidUsb - ok
19:32:44.0296 1792 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
19:32:44.0500 1792 hpn - ok
19:32:44.0531 1792 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
19:32:44.0578 1792 HSFHWBS2 - ok
19:32:44.0781 1792 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:32:44.0984 1792 HSF_DP - ok
19:32:45.0546 1792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:32:45.0625 1792 HTTP - ok
19:32:46.0015 1792 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:32:46.0265 1792 i2omgmt - ok
19:32:47.0031 1792 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:32:47.0250 1792 i2omp - ok
19:32:47.0937 1792 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:32:48.0156 1792 i8042prt - ok
19:32:49.0968 1792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:32:50.0437 1792 Imapi - ok
19:32:51.0140 1792 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:32:51.0343 1792 ini910u - ok
19:32:52.0109 1792 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:32:52.0343 1792 IntelIde - ok
19:32:53.0796 1792 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:32:54.0296 1792 intelppm - ok
19:32:55.0156 1792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:32:55.0375 1792 Ip6Fw - ok
19:32:56.0296 1792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:32:56.0546 1792 IpFilterDriver - ok
19:32:57.0484 1792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:32:57.0656 1792 IpInIp - ok
19:32:58.0484 1792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:32:58.0625 1792 IpNat - ok
19:32:59.0609 1792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:32:59.0828 1792 IPSec - ok
19:33:00.0437 1792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:33:00.0734 1792 IRENUM - ok
19:33:01.0265 1792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:33:01.0515 1792 isapnp - ok
19:33:03.0718 1792 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:33:04.0109 1792 Kbdclass - ok
19:33:04.0578 1792 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:33:04.0859 1792 kbdhid - ok
19:33:05.0328 1792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:33:05.0453 1792 kmixer - ok
19:33:06.0406 1792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:33:06.0609 1792 KSecDD - ok
19:33:06.0828 1792 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
19:33:06.0875 1792 Lavasoft Kernexplorer - ok
19:33:07.0656 1792 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
19:33:09.0218 1792 Lbd - ok
19:33:09.0750 1792 lbrtfdc - ok
19:33:09.0921 1792 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:33:10.0000 1792 mdmxsdk - ok
19:33:10.0250 1792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:33:10.0546 1792 mnmdd - ok
19:33:11.0187 1792 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:33:11.0390 1792 Modem - ok
19:33:11.0921 1792 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:33:12.0109 1792 MODEMCSA - ok
19:33:12.0671 1792 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:33:12.0890 1792 Mouclass - ok
19:33:14.0328 1792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:33:14.0593 1792 mouhid - ok
19:33:15.0390 1792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:33:15.0625 1792 MountMgr - ok
19:33:16.0421 1792 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:33:16.0687 1792 mraid35x - ok
19:33:17.0515 1792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:33:17.0828 1792 MRxDAV - ok
19:33:19.0500 1792 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:33:19.0734 1792 MRxSmb - ok
19:33:20.0390 1792 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
19:33:20.0937 1792 MSDV - ok
19:33:21.0500 1792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:33:21.0640 1792 Msfs - ok
19:33:22.0140 1792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:33:22.0296 1792 MSKSSRV - ok
19:33:22.0796 1792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:33:23.0031 1792 MSPCLOCK - ok
19:33:23.0625 1792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:33:23.0875 1792 MSPQM - ok
19:33:24.0468 1792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:33:24.0656 1792 mssmbios - ok
19:33:25.0359 1792 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:33:26.0265 1792 MSTEE - ok
19:33:26.0671 1792 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:33:26.0750 1792 Mup - ok
19:33:27.0156 1792 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:33:27.0421 1792 NABTSFEC - ok
19:33:28.0312 1792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:33:28.0546 1792 NDIS - ok
19:33:29.0390 1792 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:33:29.0546 1792 NdisIP - ok
19:33:30.0437 1792 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:33:30.0546 1792 NdisTapi - ok
19:33:30.0968 1792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:33:31.0187 1792 Ndisuio - ok
19:33:31.0453 1792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:33:32.0203 1792 NdisWan - ok
19:33:32.0953 1792 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:33:33.0062 1792 NDProxy - ok
19:33:33.0687 1792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:33:33.0921 1792 NetBIOS - ok
19:33:34.0406 1792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:33:34.0703 1792 NetBT - ok
19:33:35.0421 1792 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:33:35.0640 1792 NIC1394 - ok
19:33:36.0468 1792 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:33:38.0093 1792 Npfs - ok
19:33:38.0765 1792 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:33:39.0062 1792 Ntfs - ok
19:33:39.0515 1792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:33:39.0687 1792 Null - ok
19:33:41.0218 1792 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:33:44.0453 1792 nv - ok
19:33:44.0875 1792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:33:45.0125 1792 NwlnkFlt - ok
19:33:45.0515 1792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:33:45.0656 1792 NwlnkFwd - ok
19:33:46.0281 1792 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:33:46.0531 1792 ohci1394 - ok
19:33:47.0140 1792 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:33:47.0375 1792 Parport - ok
19:33:48.0500 1792 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:33:49.0250 1792 PartMgr - ok
19:33:49.0625 1792 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:33:49.0781 1792 ParVdm - ok
19:33:50.0328 1792 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:33:50.0625 1792 PCI - ok
19:33:50.0968 1792 PCIDump - ok
19:33:51.0375 1792 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:33:51.0687 1792 PCIIde - ok
19:33:52.0328 1792 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:33:52.0546 1792 Pcmcia - ok
19:33:53.0031 1792 PDCOMP - ok
19:33:53.0453 1792 PDFRAME - ok
19:33:54.0062 1792 PDRELI - ok
19:33:55.0296 1792 PDRFRAME - ok
19:33:55.0515 1792 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
19:33:55.0750 1792 perc2 - ok
19:33:56.0078 1792 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:33:56.0218 1792 perc2hib - ok
19:33:56.0625 1792 pnarp (363127808e41ea960c39ed9f6412c0ce) C:\WINDOWS\system32\DRIVERS\pnarp.sys
19:33:56.0640 1792 pnarp - ok
19:33:57.0109 1792 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:33:57.0343 1792 PptpMiniport - ok
19:33:58.0062 1792 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:33:58.0296 1792 Processor - ok
19:33:58.0859 1792 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:33:59.0093 1792 PSched - ok
19:33:59.0906 1792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:34:00.0203 1792 Ptilink - ok
19:34:00.0750 1792 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys
19:34:00.0765 1792 purendis - ok
19:34:01.0187 1792 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:34:01.0218 1792 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
19:34:01.0218 1792 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
19:34:01.0625 1792 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:34:01.0859 1792 ql1080 - ok
19:34:02.0359 1792 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:34:02.0734 1792 Ql10wnt - ok
19:34:03.0171 1792 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:34:03.0312 1792 ql12160 - ok
19:34:03.0828 1792 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:34:03.0968 1792 ql1240 - ok
19:34:04.0578 1792 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:34:04.0796 1792 ql1280 - ok
19:34:05.0281 1792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:34:05.0515 1792 RasAcd - ok
19:34:06.0656 1792 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:34:06.0968 1792 Rasl2tp - ok
19:34:07.0437 1792 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:34:07.0593 1792 RasPppoe - ok
19:34:08.0140 1792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:34:08.0343 1792 Raspti - ok
19:34:09.0250 1792 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:34:09.0531 1792 Rdbss - ok
19:34:10.0125 1792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:34:10.0359 1792 RDPCDD - ok
19:34:10.0937 1792 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:34:11.0203 1792 rdpdr - ok
19:34:12.0375 1792 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:34:13.0015 1792 RDPWD - ok
19:34:13.0500 1792 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:34:13.0765 1792 redbook - ok
19:34:14.0375 1792 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys
19:34:14.0515 1792 RsFx0150 - ok
19:34:15.0406 1792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:34:15.0625 1792 Secdrv - ok
19:34:16.0093 1792 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:34:16.0312 1792 serenum - ok
19:34:17.0156 1792 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:34:17.0812 1792 Serial - ok
19:34:18.0250 1792 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:34:18.0453 1792 Sfloppy - ok
19:34:18.0828 1792 Simbad - ok
19:34:19.0250 1792 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:34:19.0546 1792 sisagp - ok
19:34:20.0109 1792 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:34:20.0343 1792 SLIP - ok
19:34:20.0890 1792 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:34:21.0125 1792 SONYPVU1 - ok
19:34:21.0750 1792 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:34:21.0906 1792 Sparrow - ok
19:34:22.0406 1792 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:34:22.0625 1792 splitter - ok
19:34:23.0312 1792 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:34:23.0859 1792 sr - ok
19:34:24.0406 1792 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:34:24.0671 1792 Srv - ok
19:34:25.0531 1792 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
19:34:25.0937 1792 STHDA - ok
19:34:26.0781 1792 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:34:26.0953 1792 streamip - ok
19:34:27.0718 1792 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:34:27.0921 1792 swenum - ok
19:34:29.0171 1792 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:34:29.0593 1792 swmidi - ok
19:34:30.0359 1792 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
19:34:30.0562 1792 symc810 - ok
19:34:31.0546 1792 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:34:31.0765 1792 symc8xx - ok
19:34:32.0750 1792 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:34:37.0703 1792 sym_hi - ok
19:34:38.0937 1792 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:34:40.0234 1792 sym_u3 - ok
19:34:41.0265 1792 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:34:41.0484 1792 sysaudio - ok
19:34:43.0000 1792 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:34:45.0328 1792 Tcpip - ok
19:34:46.0328 1792 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:34:46.0578 1792 TDPIPE - ok
19:34:46.0937 1792 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:34:47.0937 1792 TDTCP - ok
19:34:49.0109 1792 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:34:49.0343 1792 TermDD - ok
19:34:51.0171 1792 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
19:34:51.0734 1792 TosIde - ok
19:34:53.0000 1792 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:34:53.0328 1792 Udfs - ok
19:34:54.0156 1792 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:34:54.0328 1792 ultra - ok
19:34:55.0015 1792 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:34:55.0937 1792 Update - ok
19:34:56.0312 1792 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:34:56.0500 1792 USBAAPL - ok
19:34:57.0062 1792 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:34:57.0343 1792 usbaudio - ok
19:34:58.0015 1792 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:34:58.0296 1792 usbccgp - ok
19:34:59.0000 1792 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:34:59.0171 1792 usbehci - ok
19:35:00.0375 1792 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:35:00.0968 1792 usbhub - ok
19:35:01.0625 1792 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:35:02.0000 1792 usbohci - ok
19:35:02.0703 1792 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:35:02.0953 1792 usbprint - ok
19:35:03.0546 1792 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:35:03.0765 1792 usbscan - ok
19:35:04.0406 1792 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:35:04.0656 1792 USBSTOR - ok
19:35:05.0296 1792 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:35:05.0546 1792 usbuhci - ok
19:35:06.0250 1792 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:35:06.0593 1792 VgaSave - ok
19:35:07.0312 1792 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:35:08.0546 1792 viaagp - ok
19:35:09.0140 1792 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:35:09.0375 1792 ViaIde - ok
19:35:10.0031 1792 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:35:10.0281 1792 VolSnap - ok
19:35:10.0796 1792 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:35:11.0015 1792 Wanarp - ok
19:35:11.0843 1792 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
19:35:12.0484 1792 wanatw - ok
19:35:13.0265 1792 WDICA - ok
19:35:14.0000 1792 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:35:14.0234 1792 wdmaud - ok
19:35:15.0109 1792 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:35:15.0468 1792 winachsf - ok
19:35:16.0250 1792 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:35:16.0468 1792 WS2IFSL - ok
19:35:17.0046 1792 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:35:17.0343 1792 WSTCODEC - ok
19:35:17.0406 1792 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
19:35:20.0656 1792 \Device\Harddisk0\DR0 - ok
19:35:20.0687 1792 Boot (0x1200) (220f47d457d8067b1504d207cfcda2dc) \Device\Harddisk0\DR0\Partition0
19:35:20.0734 1792 \Device\Harddisk0\DR0\Partition0 - ok
19:35:20.0734 1792 ============================================================
19:35:20.0734 1792 Scan finished
19:35:20.0734 1792 ============================================================
19:35:20.0859 1292 Detected object count: 15
19:35:20.0859 1292 Actual detected object count: 15
19:57:13.0171 1292 72cecc6 ( Rootkit.Win32.PMax.gen ) - skipped by user
19:57:13.0218 1292 72cecc6 ( Rootkit.Win32.PMax.gen ) - User select action: Skip
19:57:15.0812 1292 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
19:57:22.0453 1292 Backup copy found, using it..
19:57:22.0859 1292 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
19:57:22.0859 1292 AFD ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
19:57:22.0859 1292 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0859 1292 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0859 1292 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0859 1292 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0859 1292 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0859 1292 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0859 1292 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0859 1292 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0875 1292 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0875 1292 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0875 1292 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0875 1292 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0875 1292 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0875 1292 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0875 1292 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0875 1292 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0875 1292 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0890 1292 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0890 1292 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0890 1292 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0890 1292 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0890 1292 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0890 1292 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0890 1292 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:22.0890 1292 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:22.0890 1292 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:36.0843 4028 Deinitialize success
2. From OTL, Extras:

OTL Extras logfile created on: 10/25/2011 8:05:27 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Download\antivirus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 55.93% Memory free
3.78 Gb Paging File | 3.13 Gb Available in Paging File | 82.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.56 Gb Total Space | 69.73 Gb Free Space | 47.90% Space Free | Partition Type: NTFS

Computer Name: ZEUS | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] --
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37687:UDP" = 37687:UDP:*:Enabled:ooVoo UDP port 37687
"37675:TCP" = 37675:TCP:*:Enabled:ooVoo TCP port 37675
"37676:UDP" = 37676:UDP:*:Enabled:ooVoo UDP port 37676
"37688:TCP" = 37688:TCP:*:Disabled:ooVoo TCP port 37688
"37688:UDP" = 37688:UDP:*:Disabled:ooVoo UDP port 37688
"37693:UDP" = 37693:UDP:*:Disabled:ooVoo UDP port 37693
"37682:TCP" = 37682:TCP:*:Enabled:ooVoo TCP port 37682
"37682:UDP" = 37682:UDP:*:Enabled:ooVoo UDP port 37682
"37683:UDP" = 37683:UDP:*:Enabled:ooVoo UDP port 37683
"37685:TCP" = 37685:TCP:*:Enabled:ooVoo TCP port 37685
"37685:UDP" = 37685:UDP:*:Enabled:ooVoo UDP port 37685
"37735:TCP" = 37735:TCP:*:Enabled:ooVoo TCP port 37735
"37735:UDP" = 37735:UDP:*:Enabled:ooVoo UDP port 37735
"37739:UDP" = 37739:UDP:*:Enabled:ooVoo UDP port 37739

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- ()
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- ()
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Home Networking Application
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\AOL\1175966489\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1175966489\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe" = C:\Program Files\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe:LocalSubNet:Enabled:MySQL Workbench -- (Oracle Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Apache2\bin\Apache.exe" = C:\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- ()
"C:\Program Files\Funshion Online\Funshion\FunshionService.exe" = C:\Program Files\Funshion Online\Funshion\FunshionService.exe:*:Enabled:FunshionService
"C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe" = C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe:*:Enabled:FunshionUpgrade
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- ()
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- ()
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Funshion Online\Funshion\Funshion.exe" = C:\Program Files\Funshion Online\Funshion\Funshion.exe:*:Enabled:Funshion
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Thunderbird -- (Mozilla Messaging)
"C:\WINDOWS\system32\msfeedssync.exe" = C:\WINDOWS\system32\msfeedssync.exe:*:Enabled:Microsoft Feeds Synchronization -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe" = C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe:*:Enabled:TurboTax 2008 Installer
"C:\Documents and Settings\John\Local Settings\Temp\dc2c4e21-cd72-4196-8dac-6bbdfae77847\TurboTax 2008 Installer.exe" = C:\Documents and Settings\John\Local Settings\Temp\dc2c4e21-cd72-4196-8dac-6bbdfae77847\TurboTax 2008 Installer.exe:*:Enabled:TurboTax 2008 Installer -- (Intuit)
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" = C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe:*:Enabled:Adobe Reader 7.0 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" = C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe:*:Enabled:InstallShield Update Service Agent -- (InstallShield Software Corporation)
"C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Funshion Online\Funshion\FunshionAddr\ASBarBroker.exe" = C:\Program Files\Funshion Online\Funshion\FunshionAddr\ASBarBroker.exe:*:Enabled:??????????
"C:\Documents and Settings\John\Local Settings\Temp\~nsu.tmp\Au_.exe" = C:\Documents and Settings\John\Local Settings\Temp\~nsu.tmp\Au_.exe:*:Enabled:Funshion Installation
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\738c488ab9651fafccaa58d7\Setup.exe" = C:\738c488ab9651fafccaa58d7\Setup.exe:*:Enabled:Setup Installer
"C:\Download\antivirus\tdsskiller\TDSSKiller.exe" = C:\Download\antivirus\tdsskiller\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool -- (Kaspersky Lab ZAO)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{029A95A8-E814-4760-B5A1-0D46E2D62FB1}" = PHP 5.2.17
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{046755CA-F677-4B7F-AF9A-6AB295A02A30}" = Microsoft SQL Server 2008 R2 Native Client
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{221125DC-6A40-4900-B844-591F5E1195B0}" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{27B6D024-FD7E-4A88-BC17-5AFBE33EC072}" = Microsoft F# Runtime for Silvelight 4
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2DDCCEA5-2AA4-4ABB-BCAD-41BB115A4333}" = Microsoft Silverlight 4 Toolkit April 2010
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35A3A4F4-B792-11D6-A78A-00B0D0142160}" = Java 2 SDK, SE v1.4.2_16
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{38766225-85FA-469B-A373-82BF1923A7E4}" = MySQL Workbench 5.2 CE
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A862C7D-0504-48BC-AEF8-7F7479C7C158}" = Apache HTTP Server 2.0.59
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CB15F63-7D48-4694-B68E-3D6E25D5C932}" = MySQL Server 5.0
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}" = Zend Optimizer
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight 4 Tools for Visual Studio 2010
"{57BADDF0-859A-47BC-8940-143E9F3F5629}" = Pure Networks Platform
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142160}" = Java 2 Runtime Environment, SE v1.4.2_16
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76866BE3-B2C7-40BB-B267-927792AED0C3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC6175-D2C5-4FA7-91E8-E2A9431A5CDA}" = WCF RIA Services V1.0 for Visual Studio 2010
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0F9E47D-3132-4DA0-98E7-A8A9C6716C90}" = Microsoft ASP.NET MVC 2 - VWD Express 2008 Tools
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AppInventor Setup" = AppInventor Setup
"AspUpload" = AspUpload
"AVG" = AVG 2012
"C0A0AA4D-C79B-48CA-8843-2B02B626C9E6" = Blackhawk Striker 2
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CSCLIB" = Canon Camera Support Core Library
"CuteFTP Pro" = CuteFTP Pro
"Dell Color Printer 725" = Dell Color Printer 725
"Dell Game Console" = Dell Game Console
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Fiddler2" = Fiddler2
"FTP Voyager_is1" = FTP Voyager 14.0
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"IsoBuster_is1" = IsoBuster 2.4
"LG USB Drivers" = LG USB Drivers
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11)
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SearchAssist" = SearchAssist
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"UltraEdit-32" = UltraEdit-32 Uninstall
"ViewpointMediaPlayer" = Viewpoint Media Player
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Draw 4 App" = Draw 4 App
"Google Chrome" = Google Chrome
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)

< End of report >

3. From OTL


OTL logfile created on: 10/25/2011 8:05:27 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Download\antivirus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 55.93% Memory free
3.78 Gb Paging File | 3.13 Gb Available in Paging File | 82.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.56 Gb Total Space | 69.73 Gb Free Space | 47.90% Space Free | Partition Type: NTFS

Computer Name: ZEUS | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Download\antivirus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe ()
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\AOL\1175966489\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
MOD - C:\Program Files\AVG\AVG2012\avgrsx.exe ()
MOD - C:\Program Files\AVG\AVG2012\avgcsrvx.exe ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll ()
MOD - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()


========== Win32 Services (SafeList) ==========

SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe ()
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe ()
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe ()
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
SRV - (dlcf_device) -- C:\WINDOWS\System32\dlcfcoms.exe ( )
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe ()
SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE ()
SRV - (MSSQLSERVER) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe ()


========== Driver Services (SafeList) ==========

DRV - (AFD) -- C:\WINDOWS\System32\drivers\tsk1CC.tmp ()
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (RsFx0150) -- C:\WINDOWS\system32\drivers\RsFx0150.sys (Microsoft Corporation)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CVUVC) Cisco VT Camera II(UVC) -- C:\WINDOWS\system32\drivers\Cvuvc.sys (Logitech Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (dwusbdnt) -- C:\WINDOWS\system32\drivers\dwusbdnt.sys (Digit@lway Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...ype=tb50fftrie7"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.cubehelper.com/"
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.9.8
FF - prefs.js..extensions.enabledItems: avg@toolbar:8.0.0.34.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1829
FF - prefs.js..keyword.URL: "http://isearch.avg.c...:24:44&sap=ku="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2010/09/14 07:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/07 08:50:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/02 19:46:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/02 19:46:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/16 20:44:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2011/09/29 19:23:06 | 000,000,000 | ---D | M]

[2010/06/13 20:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2010/06/13 20:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/09/29 20:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\bqgh9iu8.default\extensions
[2009/06/27 17:09:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\bqgh9iu8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/21 14:41:11 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\bqgh9iu8.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/09/29 19:24:57 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\bqgh9iu8.default\extensions\avg@toolbar
[2009/03/21 14:41:19 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\bqgh9iu8.default\searchplugins\aim-search.xml
[2011/09/29 20:52:19 | 000,003,849 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\bqgh9iu8.default\searchplugins\avg-secure-search.xml
[2010/12/19 23:17:03 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\bqgh9iu8.default\searchplugins\bing-zugo.xml
[2011/09/24 22:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/07 08:50:42 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/09/14 07:14:02 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...fr&d=2011-09-29 19:24:44&v=8.0.0.34&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...{outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\eTrust Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll File not found
O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\eTrust Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe ()
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.DLL ()
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175966489\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash...geUploader5.cab (Image Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1169262104622 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.winkflash...geUploader4.cab (Image Uploader Control)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://www.originat...emote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: vzTCPConfig https://essentialsan...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B5BDD20-6052-4E6D-A15C-E7F8C4E53648}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\John\Local Settings\Application Data\072cecc6\X) -C:\Documents and Settings\John\Local Settings\Application Data\072cecc6\X ()
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{45c18358-ad9c-11db-8c74-00188b72bf5b}\Shell - "" = AutoRun
O33 - MountPoints2\{45c18358-ad9c-11db-8c74-00188b72bf5b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45c18358-ad9c-11db-8c74-00188b72bf5b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
File not found -- C:\WINDOWS\
[2011/10/25 19:57:23 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\55151224.sys
[2011/10/25 19:18:17 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/10/25 19:10:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/10/24 20:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/24 19:32:01 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/24 19:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/24 19:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/10/24 19:02:39 | 000,000,000 | ---D | C] -- C:\6db4259de50f98a5cafe6e76c595
[2011/10/23 22:43:35 | 000,000,000 | ---D | C] -- C:\d36a2842c43c80ed1a0d6f6a
[2011/10/23 18:34:09 | 000,000,000 | ---D | C] -- C:\9b49620dfc815cec2b9accf2
[2011/10/23 17:37:13 | 000,000,000 | ---D | C] -- C:\1ce47bee08e18e16d950eaf42f
[2011/10/23 17:01:43 | 000,089,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SQSRVRES.DLL
[2011/10/23 16:50:40 | 000,000,000 | ---D | C] -- C:\c9ce094ad5d128dfa522
[2011/10/23 12:13:15 | 000,000,000 | ---D | C] -- C:\01be480eadf72ca2905d
[2011/10/23 11:36:11 | 000,000,000 | ---D | C] -- C:\sonic
[2011/10/22 21:12:05 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/10/22 21:12:04 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/10/22 21:11:19 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/10/22 21:10:49 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/10/22 21:08:50 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/10/22 21:08:48 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/10/22 21:06:32 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/10/22 21:02:38 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/10/21 19:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/20 19:35:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John\Local Settings\Application Data\072cecc6
[2011/09/29 19:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2011/09/29 19:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/09/29 19:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\AVG Secure Search
[2011/09/29 19:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/09/29 19:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/09/29 19:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\AVG2012
[2011/09/29 19:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/26 11:41:20 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2005/10/28 08:46:42 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
[2005/10/28 08:46:00 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
[2005/10/28 08:43:34 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
[2005/10/28 08:43:16 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
[2005/10/28 08:43:08 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcfg.exe
[2005/10/28 08:42:14 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfih.exe
[2005/10/28 08:42:00 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll
[2005/10/28 08:41:52 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcoms.exe
[2005/10/28 08:41:24 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
[2005/10/28 08:40:58 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
[2005/10/28 08:37:48 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
[2005/10/28 08:35:48 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
[46 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
File not found -- C:\WINDOWS\
[2011/10/25 20:01:23 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D2BD5462-EF45-40AF-93CD-B6D13577B00F}.job
[2011/10/25 19:57:23 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\55151224.sys
[2011/10/25 19:36:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2426275479-784255346-68698174-1006UA.job
[2011/10/25 19:36:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2426275479-784255346-68698174-1006Core.job
[2011/10/25 19:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/25 19:27:35 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/25 19:27:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/25 19:27:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/25 19:27:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3337366535
[2011/10/25 19:27:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/25 19:26:57 | 2078,789,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/25 19:18:27 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/25 19:14:32 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_13170.nl_
[2011/10/25 19:05:25 | 107,326,893 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/25 18:59:44 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/10/24 20:35:13 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/10/24 20:35:13 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/10/24 19:32:00 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/24 19:08:40 | 000,675,518 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/24 19:08:40 | 000,147,158 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/23 16:44:21 | 000,003,370 | ---- | M] () -- C:\Documents and Settings\John\funshion.ini
[2011/10/23 16:41:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John\FunshionService.timestamp
[2011/10/23 10:51:45 | 001,630,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/22 21:07:14 | 000,012,403 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2011/10/22 21:07:14 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\uedit32.cfg
[2011/10/22 20:23:12 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Microsoft Excel.lnk
[2011/10/21 19:41:45 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\John\Application Data\coreavc.ini
[2011/10/20 19:39:35 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/11 19:22:10 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/10/07 09:33:06 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/07 09:33:05 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Google Chrome.lnk
[2011/10/07 08:50:43 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/05 19:03:49 | 000,223,762 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/09/27 19:29:24 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\John\Desktop\SDK Manager.lnk
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[46 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\John\My Documents\*.tmp files -> C:\Documents and Settings\John\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/24 20:35:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/10/24 20:35:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/10/24 19:27:21 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/23 10:51:26 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_13170.nl_
[2011/10/20 19:39:35 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/20 19:35:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3337366535
[2011/09/29 19:25:05 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/27 19:29:05 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\John\Desktop\SDK Manager.lnk
[2011/09/12 20:32:40 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\John\Application Data\coreavc.ini
[2011/09/02 04:39:46 | 000,001,128 | ---- | C] () -- C:\WINDOWS\System32\funshion.ini
[2011/07/09 09:10:24 | 000,050,917 | ---- | C] () -- C:\WINDOWS\php.ini
[2011/07/08 20:26:48 | 000,043,892 | ---- | C] () -- C:\WINDOWS\php52_save.ini
[2011/03/05 17:24:39 | 001,228,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/23 14:54:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/07 21:24:43 | 000,075,236 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/31 22:27:02 | 001,783,262 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2426275479-784255346-68698174-1006-0.dat
[2010/05/31 22:26:58 | 000,395,494 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/04/14 19:49:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/12/20 22:45:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/01/07 20:57:11 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\John\Application Data\dvd.bmk
[2009/01/06 20:24:39 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2009/01/05 22:30:05 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/01/05 22:30:04 | 000,001,515 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2009/01/05 22:30:04 | 000,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2008/05/18 18:09:57 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2008/03/21 11:45:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/02/29 22:07:33 | 000,000,189 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/31 15:05:08 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/12/16 19:31:41 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/11/18 19:13:36 | 000,002,303 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2007/11/18 19:13:06 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/05/15 19:43:05 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/04/07 13:21:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\wanmpsvc.exe
[2007/02/18 20:09:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/01/12 20:48:04 | 000,012,403 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2006/12/23 11:26:32 | 000,043,893 | ---- | C] () -- C:\WINDOWS\php5217_save.ini
[2006/12/23 11:26:32 | 000,043,698 | ---- | C] () -- C:\WINDOWS\php.ini.bak
[2006/12/22 18:55:42 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/12/22 18:55:42 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/12/22 18:55:22 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/12/22 18:55:21 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/12/22 18:55:21 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/12/22 16:39:30 | 000,036,939 | ---- | C] () -- C:\WINDOWS\System32\insrepim.exe
[2006/12/22 15:59:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/12/22 15:40:58 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/22 15:27:22 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
[2006/12/19 10:01:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/19 09:54:50 | 000,001,154 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/19 09:49:22 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/19 09:47:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/19 09:21:41 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2006/12/19 09:21:23 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/12/19 09:21:23 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/12/19 09:21:23 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/12/19 09:21:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/12/19 09:21:22 | 000,155,715 | ---- | C] () -- C:\WINDOWS\System32\nvsvc32.exe
[2006/12/19 09:21:21 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/12/19 09:21:21 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/12/19 09:21:21 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/12/19 09:21:21 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/19 09:21:20 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/12/19 09:21:20 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/12/19 09:21:19 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/12/19 09:20:17 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/02 13:41:38 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2006/11/02 13:41:38 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\libswish-e.dll
[2006/11/02 13:41:36 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\libmcrypt.dll
[2006/11/02 13:41:36 | 000,165,643 | ---- | C] () -- C:\WINDOWS\System32\libmhash.dll
[2006/11/02 13:41:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\msql.dll
[2005/11/23 06:54:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
[2005/11/23 06:54:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
[2005/11/23 06:54:22 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
[2005/11/23 06:53:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
[2005/11/23 06:53:50 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
[2005/11/23 06:53:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
[2005/11/23 06:53:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
[2005/11/23 06:53:26 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
[2005/11/10 03:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/28 14:47:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 001,630,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,675,518 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,147,158 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/09/07 21:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/06/03 19:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/09/29 19:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/07 11:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/02/23 07:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/11/07 11:43:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/16 22:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jOdFgIm17702
[2011/02/16 22:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kLmBjBg17702
[2008/07/04 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2011/10/23 11:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/06/23 15:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2009/01/05 20:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/07/19 21:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2007/05/15 19:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/05 20:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/09/07 21:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/19 09:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/03/30 19:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/09/07 21:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\acccore
[2011/09/29 19:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\AVG Secure Search
[2011/09/29 19:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\AVG2012
[2008/05/24 21:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\CallingID
[2008/06/23 15:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Canon
[2010/08/05 21:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\GetRightToGo
[2007/03/15 20:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\GlobalSCAPE
[2006/12/22 15:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ICAClient
[2006/12/31 18:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Leadertech
[2008/03/02 11:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\LimeWire
[2011/10/22 21:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MySQL
[2010/12/19 23:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ooVoo Details
[2007/02/06 21:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\RhinoSoft.com
[2006/12/22 15:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Smith Micro
[2010/04/28 14:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\TechWizard
[2010/06/13 20:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Thunderbird
[2009/01/05 20:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Ulead Systems
[2008/09/14 19:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Viewpoint
[2011/10/25 19:18:27 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/10/25 20:01:23 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D2BD5462-EF45-40AF-93CD-B6D13577B00F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3337366535:4174582585.exe
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
< End of report >



Please HELP!!

Thank you

#2 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7535 posts

Posted 28 October 2011 - 04:10 PM

Hi skybox999,

Please, follow the instructions on http://www.bleepingc...to-use-combofix for installing and running ComboFix.

Read carefully and note the "Disclaimer of warranty"!

Paste the content of the log into your answer.

#3 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7535 posts

Posted 30 November 2011 - 04:59 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users